CVE-2019-17440: Improper Restriction of Communication Channel to Intended Endpoints in Palo Alto Networks PAN-OS

Severity
NVD: 9.8 CRITICAL
CNA: 10.0
EPSS
0.4% (top 36.32%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 20
Latest update: May 24

Description

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may allow an attacker with network access to the LFC to gain root access to PAN-OS. This issue affects PAN-OS 9.0 versions prior to 9.0.5-h3 on PA-7080 and PA-7050 devices with an LFC installed and configured. This issue does not affect PA-7000 Series deployments using the first-generation SMC and the Log Processing Card (LPC). This issue does not affe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | palo_alto_networks/pan-os | 9.0 | 9.0.5-h3
NVD | paloaltonetworks/pan-os | 9.0 | 9.0.5
Palo Alto | paloalto/pan-os

🔴 Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-4w28-4cpv-vvf3: Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Management Card (SMC) may
CVEList (2019-12-20)
PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access

📋 Vendor Advisories (1)

Palo Alto (2019-12-19)
PAN-OS on PA-7000 Series: Improper restriction of communication to Log Forwarding Card (LFC) allows root access